Microsoft Windows 2000 Patch: Network DDE Agent Request

This update resolves the "Network DDE Agent Request" security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS01-007. Download now to increase security and prevent a malicious user from running code to take control of your computer. Network Dynamic Data Exchange (DDE) enables applications on different computers running Windows to share data dynamically, with channels called trusted shares. Trusted shares are managed by a service called the Network DDE Agent. On computers running Windows 2000, the Network DDE Agent runs using the Local System security context, rather than the security context of the user. Because Local System security allows a piece of code to function as part of the operating system, a malicious user, with the ability to run code on the affected computer, could exploit the vulnerability to run commands and programs by using the privileges of the operating system itself. This could allow the malicious user to take virtually any action on the computer. For more information about this vulnerability, read Microsoft Security Bulletin MS01-007.